Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Varbase FAQs 9.2.1 Minor update available for module varbase_faqs (9.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

This module protects your site from simple crawlers like AI scrapers by testing their ability to handle redirects and cookies. It quickly responds to problematic bots with an error before the full page is computed, reducing performance impact. You can define which URLs are protected and exclude specific IPs or user agents.

This module is designed to provide protection from simple crawlers such as AI scrapers or crawling scripts, by testing their ability to follow redirects and handle cookies.

Many AI bots and non-conventional crawlers do not respect robots.txt and can cause significant performance issues on pages with heavy computation, such as search pages.

The module will not fully block bot traffic or force timeouts, but it will significantly reduce their impact by quickly returning a 302 or 401 response without computing the page, which is not served from Page Cache.

You can define URL patterns subject to the protection using PCRE regex patterns. Use non-capturing groups in your patterns, as they are tested with preg_match(). Poorly written regex rules can accidentally protect the entire site and affect SEO
crawlers.

We recommend applying the same patterns as your robots.txt.

By default, a retry attempt is provided via a Refresh header to allow legitimate users to recover from an accidental challenge failure. This behavior can be disabled by setting the redirect error delay to zero.

A challenge cookie named SESScookiebotprotection is created to validate the challenge. This name is chosen to bypass generic Varnish/Fastly configurations for Drupal.

Specific IP addresses and User-Agent strings can be excluded from the challenge.

This module is intended as a lightweight tool for sites that cannot install a challenge-based WAF such as Anubis or go-away as a reverse proxy.

Because the cookie name is central to the project's identity, this module will not evolve to provide other protection mechanisms such as JavaScript Proof of Work or CAPTCHA challenges.

Activity

Total releases
14
First release
May 2025
Latest release
1 month ago
Releases (12 mo)
4 ▼ from 10
Maintenance
Active

Release Timeline

Releases

Version Type Release date
2.0.x-dev Dev Jun 13, 2026
1.0.11 Stable Jun 13, 2026
1.0.10 Stable Jul 18, 2025
1.0.9 Stable Jul 18, 2025
1.0.8 Stable Jun 23, 2025
1.0.7 Stable Jun 4, 2025
1.0.6 Stable May 26, 2025
1.0.5 Stable May 22, 2025
1.0.4 Stable May 18, 2025
1.0.3 Stable May 16, 2025
1.0.2 Stable May 16, 2025
1.0.1 Stable May 15, 2025
1.0.0 Stable May 15, 2025
1.0.x-dev Dev May 14, 2025